Detail Breakdown On How to Resolve IP Address Conflict on Linux

Configuring the network interaction of services is not the easiest task, and it is often done without a deep understanding of how the system should be configured and what each setting affects.

After moving services in Docker containers from Centos 6 to Centos 7, we encountered strange behavior from the web server: it tried to connect to the service via IPv6, while the service listened only on the IPv4 address. The standard advice in this situation is to disable IPv6 support. But it does not help in some cases. Which ones? In this article, we set out to collect and explain in detail how applications resolve addresses.

The publication will be useful to novice administrators and developers.

After reading this article, you will learn:

What is the Linux algorithm for resolving hostnames;

How to redefine the logic for defining hostnames;

What functions and libraries the OS uses;

What traps exist when configuring and how to prevent them;

The Linux operating system has several sources for determining an address from a hostname. All the functions needed for this are in the GNU C Library (glibc). glibc is essentially a framework: it implements many functions useful to the developer and exposes them through its API to simplify development. Among other things, glibc implements POSIX. Functions such as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login and exit are provided on Linux systems by glibc.

The utilities host, dig and nslookup, familiar to many, use glibc but are shipped separately.

Now that the developer can call the getaddrinfo family of functions from glibc to determine an address, the need arises to configure what they return: for example, whether to consult /etc/hosts first or to query the DNS server. In glibc, this is configured through a scheme called Name Service Switch (NSS).

Put simply, NSS lets you set the databases, and the order in which they are searched, for a given service. In our case, the service is hostname lookup, and the database can be /etc/hosts or a DNS server. This is not the only service configurable through NSS: there are also mail alias services and the user and group lookup services. You can see the full list in the manuals.

Thanks to NSS, you can configure the mentioned databases without rebuilding the applications, at runtime. It is configured in /etc/nsswitch.conf. Below is an example of a config from the standard /etc/nsswitch.conf in Centos 7.

files, dns and myhostname are database aliases for the lookup. On most systems files means /etc/hosts; the dns database is the DNS server to which the hostname query is sent; and myhostname is the most unusual database: few people know it exists, and it is not part of the standard glibc distribution. Some distributions also have the mdns4_minimal database. These databases are examined below.

The databases are consulted in the order in which they are declared in /etc/nsswitch.conf. If a record is found in the current database, the lookup leaves the chain and the result is returned. If there is no result, the lookup moves on to the next database in the list. If no database yields a result, that is the response returned to the getaddrinfo call. The transition to the next database, and the conditions for it, can be configured further: for example, to end the chain if DNS is unavailable (not to be confused with the absence of a record). A clear and simple explanation of how to set conditions in /etc/nsswitch.conf is given in this article.

The files database, and /etc/hosts in particular, looks like this out of the box in Centos 7:

Note that there are two entries for localhost: an IPv4 and an IPv6 address. This can play a cruel joke, and at the end of the story I’ll tell you why.

The dns database uses the name servers specified in the /etc/resolv.conf configuration file to determine the address. Here is an example of my /etc/resolv.conf on the host system:

The nameservers are also used as a chain, in the order in which they are declared. In my case, the first is a local DNS server (we use dnsmasq) that serves the addresses of the local .priv zone. If there is a match, the address is returned from the local network. All other requests are sent to the primary DNS server at 192.168.100.1.

The myhostname database ships with Centos and Ubuntu but is not part of glibc. Not knowing this, we spent a lot of time trying to figure out why IPv6 addresses were being returned when resolving the host. It works as follows:

When the local hostname (the one the hostname command returns) is requested, the plugin returns all IP addresses of the public interfaces (i.e. all except the loopback); if there are no such interfaces, it returns the IPv4 address 127.0.0.2 and the IPv6 address ::1;

The manual describes special handling of the hostname _gateway, but apparently this is some kind of patch, since it did not work on Centos 7.

The mdns4_minimal or mdns_minimal database is required for Avahi to work correctly. If necessary, refer to the Arch documentation on Avahi, which gives brief and clear information on its use.

Now that the databases and the principles of their operation have been described, it is worth noting the differences in how different tools resolve addresses, which lead to problems at runtime.

Typically, administrators check hostnames with the host command. This is incorrect, since host, like dig, uses only DNS resolution and does not use NSS. Nginx, for example, uses the getaddrinfo function, which does use NSS. As a result, a host listed in /etc/hosts can work with nginx but will not resolve by other means. It is much worse when an IPv6 address is entered for a hostname in /etc/hosts while DNS returns only an IPv4 address. In this case, the administrator can verify that the host command returns only the IPv4 address and relax, and then the application using getaddrinfo from glibc will start and find both the IPv4 and the IPv6 address for the same host. Error source …

To check what each database returns, the documentation recommends the getent utility.

Now the dns and myhostname databases return answers, and the files database contains no data.

For DNS queries, the server is configured in /etc/resolv.conf in my container, for example:

$ cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0

dnsmasq is installed on the host machine; it proxies and caches the responses of DNS servers. The answer from DNS depends on the settings of the DNS server that received the request. RFC 1912, in section 4.1, recommends configuring DNS servers so that localhost points to 127.0.0.1.

These are set up to either provide a service for “special” addresses, or to help eliminate accidental queries for broadcast or local address to be sent off to the root nameservers. All of these files will contain NS and SOA records just like the other zone files you maintain the exception is that you can probably make the SOA timers very long, with this data, will never change.

The “localhost” address is a “special” address which always refers to the localhost. It should contain the following line:

localhost. IN A 127.0.0.1

In our case, dnsmasq out of the box contains entries for localhost, as the RFC recommends.

This can be turned off either by deleting the entries from /etc/hosts on the DNS server itself, or by enabling the no-hosts option in /etc/dnsmasq.conf.

After enabling the option, getent for the myhostname database returns a non-empty result, but, as noted above, with myhostname enabled both the IPv4 and the IPv6 address are returned. On systems with static IP addresses, you can safely turn off the myhostname plugin and configure local hosts using /etc/hosts. An alternative is to disable IPv6.

The status of IPv6 on the server can be read from the kernel parameters. The value 0 is returned when IPv6 is on, and 1 when it is turned off.

The AI_V4MAPPED flag of the getaddrinfo function maps IPv6 addresses to IPv4 if no IPv6 addresses were found when polling the database. The AI_ADDRCONFIG flag makes getaddrinfo check whether IPv6/IPv4 addresses are configured on the system; if not even one IPv6/IPv4 address is configured, IPv6/IPv4 addresses will not be returned, regardless of what a particular database answers.

Since getent has both flags enabled, and /etc/hosts assigns both 127.0.0.1 and ::1 to localhost, getaddrinfo gets the addresses 127.0.0.1 and ::1 from NSS (from the hosts database discussed in the example above), then, finding no IPv6 addresses on the system (they are turned off by kernel parameters), performs the mapping ::1 -> 127.0.0.1.

To better understand this concept, I’ll give examples with the output of getaddrinfo on the same system, with different settings for ai_flags and ai_family. In /etc/hosts, both the IPv4 and the IPv6 address for localhost are enabled.

The output shows that with ai_family equal to AF_UNSPEC (return both IPv4 and IPv6) and without the AI_ADDRCONFIG flag, getaddrinfo returns two addresses, IPv4 and IPv6, which many administrators do not expect to see. This happens regardless of whether IPv6 is disabled in the kernel parameters. If you remove the address ::1 from /etc/hosts, IPv6 addresses disappear completely from the getaddrinfo output (with the AF_UNSPEC flag).

With IPv6 enabled and ::1 present in /etc/hosts, both IPv4 and IPv6 will be returned. To fix this, comment out the IPv6 address in /etc/hosts. If the addresses are found in /etc/hosts, glibc will not go on to the dns and myhostname databases.
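
The comparison described above (the same name resolved with different ai_family and ai_flags values) can be reproduced with the C program below, which goes through getaddrinfo and NSS just as an application does, unlike host or dig. It is an added example, not the author's original test program; the function name resolve_count and the flag combinations in main are choices made for this illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Added example (resolve_count is a name chosen here, not a glibc API).
 * Resolves `name` through getaddrinfo() and the NSS chain, counts answers per
 * family, copies the first address to `first` (len > 0). Returns 0 or error. */
int resolve_count(const char *name, int family, int flags,
                  int *n4, int *n6, char *first, size_t len)
{
    struct addrinfo hints, *res, *ai;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    hints.ai_flags = flags;
    hints.ai_socktype = SOCK_STREAM;   /* one entry per address */
    *n4 = *n6 = 0; first[0] = '\0';
    int rc = getaddrinfo(name, NULL, &hints, &res);
    if (rc != 0) return rc;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        const void *addr = ai->ai_family == AF_INET
            ? (const void *)&((struct sockaddr_in *)ai->ai_addr)->sin_addr
            : (const void *)&((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
        if (ai == res) inet_ntop(ai->ai_family, addr, first, (socklen_t)len);
        if (ai->ai_family == AF_INET) ++*n4; else ++*n6;
    }
    freeaddrinfo(res);
    return 0;
}

int main(void)
{
    /* Constructed test matrix; "localhost" is the name the article uses. */
    static const struct { const char *label; int family, flags; } cases[] = {
        { "AF_UNSPEC, no flags",      AF_UNSPEC, 0 },
        { "AF_UNSPEC, AI_ADDRCONFIG", AF_UNSPEC, AI_ADDRCONFIG },
        { "AF_INET, no flags",        AF_INET,   0 },
        { "AF_INET6, AI_V4MAPPED",    AF_INET6,  AI_V4MAPPED },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int n4, n6; char first[INET6_ADDRSTRLEN];
        int rc = resolve_count("localhost", cases[i].family, cases[i].flags,
                               &n4, &n6, first, sizeof first);
        if (rc != 0) printf("%-25s error: %s\n", cases[i].label, gai_strerror(rc));
        else printf("%-25s IPv4=%d IPv6=%d first=%s\n", cases[i].label, n4, n6, first);
    }
    return 0;
}
```

Run it before and after commenting out the ::1 line in /etc/hosts to watch the AF_UNSPEC rows change.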

It remains to check how getaddrinfo behaves for the dns database. To do this, we leave only the dns database for hosts in /etc/nsswitch.conf and resolve google.com.
